How (the Lack of) Cybersecurity Threatens Industrials

It’s time to get serious about protecting IIoT

Updated on Jan 11, 2018

When it comes to cybersecurity, many industrial companies are not doing enough to protect their data and operations against attacks. This can make industrial sites vulnerable to hackers looking to gain access to manufacturing capabilities and information.

A new survey conducted by LNS Research and sponsored by Honeywell found that two-thirds of the respondents don’t even monitor for suspicious cyber behavior. “Putting Industrial Cybersecurity at the Top of the CEO Agenda” polled 130 strategic decision-makers from industrial companies around the world to understand their approaches to the Industrial Internet of Things (IIoT) and their use of industrial cybersecurity technologies and practices.

Here are the results:

37% of plants monitor for suspicious behaviorTakeaway: Prevention is always easier than treating a problem after the fact. Cybersecurity attacks and breaches often lead to unplanned downtime, which is the single biggest cause of profit loss for industrial companies. Executives should invest in cyber monitoring solutions that help detect suspicious activity the moment it starts, so they can prevent attacks before they happen.

45% do not have an accountable enterprise leader for cybersecurityTakeaway: Effective cybersecurity practices require effective leaders, who are crucial in driving IIoT success. Companies should identify and appoint leaders who can work across functions, and who are comfortable leading digital strategies that include cybersecurity operations.

More than half of those working in an industrial facility have already experienced a breachTakeaway: Sometimes, one breach is all it takes to cause irreparable damage to a company. Even if the business financially recovers, its reputation—and credibility—might not. Leaders, including CEOs, will want to make it a strategic imperative to drive best practice adoption across people, processes and technologies—from access controls to risk monitoring. If necessary, they should also solicit external expertise to fill in any gaps.
20% don’t conduct regular risk assessmentsTakeaway: Not conducting regular assessments is like not having annual health exams: It increases the chance that something harmful could go undetected until it is too late. CEOs, working with cybersecurity leaders, should establish a regular schedule of check-ups to ensure that they are protected from cyber threats on all levels.